Risk management in even the most successful businesses has tended to be in "silos": the insurance risk, the technology risk, the financial risk, the environmental risk, all managed independently in separate compartments. This chapter looks at a new model, enterprise-wide risk management, in which the management of risks is integrated and coordinated across the entire organization, and a culture of risk awareness is created.


Risklet's get this straight up frontis good. The point of
risk management isn't to eliminate it; that would eliminate reward. The
point is to manage itthat is, to choose where to place bets, and where to
avoid betting altogether.

As businesses worldwide enter the twenty-first century, they face an
assortment of risks almost unimaginable just 10 years ago. E-commerce has become
ingrained in society with amazing speed: Companies that cannot keep up are
doomed to obsolescence in record time. Technology is driving business models to
be retooled in months instead of years. The traditional gatekeepers of
information are being supplemented with the Internet democracy in which anyone
with a PC can disseminate information widely and quickly, for good or
bad.[2] Derivatives, which were originally intended to help manage
risk, have themselves created whole new areas of risk.

It is probably axiomatic that well-managed businesses have successful risk
management. Over time, a business that cannot manage its key risks effectively
will simply disappear. A disastrous product recall could be the company's
last. A derivatives debacle can decimate staid old institutions over a long
weekend. But historically, risk management in even the most successful
businesses has tended to be in "silos": the insurance risk, the
technology risk, the financial risk, the environmental risk, all managed
independently in separate compartments. Coordination of risk management has
usually been nonexistent, and the identification of new risks has been sluggish.

This study looks at a new model, enterprise-wide risk management, in
which the management of risks is integrated and coordinated across the entire
organization. A culture of risk awareness is created.

Farsighted companies across a wide cross section of industries are
successfully implementing this effective new methodology.

An Abundance of Uncertainty

Uncertainty abounds in today's economy. Every organization is, to some
extent, in the business of risk management, no matter what its products or
services. It is not possible to "create a business that doesn't take
risks," according to Richard Boulton and colleagues. "If you try, you
will create a business that doesn't make money."[3] As a
business continually changes, so do the risks. Stakeholders increasingly want
companies to identify and manage their business risks. More specifically,
stakeholders want management to meet their earnings goals. Risk management can
help them do so. According to Susan Stalnecker, vice president and treasurer of
DuPont, "Risk management is a strategic tool that can increase
profitability and smooth earnings volatility."[4] Senior
management must manage the ever-changing risks if they are to create, protect,
and enhance shareholder value.

Two groups have recently emphasized the importance of risk management at an
organization's highest levels. In October 1999, the National Association of
Corporate Directors released its Report of the Blue Ribbon Commission on
Audit Committees, which recommends that audit committees "define and
use timely, focused information that is responsive to important performance
measures and to the key risks they oversee."[5] The report states
that the chair of the audit committee should develop an agenda that includes
"a periodic review of risk by each significant business unit." In
January 2000, the Financial Executives Institute released the results of a
survey on audit committee effectiveness. Respondents, who were primarily chief
financial officers and corporate controllers, ranked "key areas of business
and financial risk" as the most important for audit committee
oversight.[6] With the speed of change increasing for all companies in
the New Economy,[7] senior management must deal with a myriad of
complex risks that have substantial consequences for their organization. Here
are a few of the forces creating uncertainty in the New Economy:

Technology and the Internet

Increased worldwide competition

Freer trade and investment worldwide

Complex financial instruments, notably derivatives

Deregulation of key industries

Changes in organizational structures resulting from downsizing,
reengineering, and mergers

Higher customer expectations for products and services

More and larger mergers

Collectively, these forces are stimulating considerable change and creating
an increasingly risky and turbulent business environment. Perhaps no force on
the list is having as great an impact on business as the Internet. As the
Internet comes of age, companies are rethinking their business models, core
strategies, and target customer bases. "Getting wired," as it is often
called, provides businesses with new opportunities, but it also creates more
uncertainty and new risks.[8] In his book The High Risk Society,
Michael Mandel states, "Economic uncertainty is the price that must be
paid for growth." To be successful, businesses must seek opportunities
"where the forces of uncertainty and growth are the strongest."[9]
The mismanagement of risk can carry an enormous price. In recent years,
the business community has witnessed a number of risk debacles that have
resulted in considerable financial loss, decreased shareholder value, damaged
company reputations, the dismissal of senior management, and in some cases the
destruction of the business. Consider the impact of the following events:

Companies selling poor-quality or defective products, or unnecessary
service, coupled in some cases with severely mishandling the crisis surrounding
the product recall or service problem

Environmental disasters and inadequate attention to the resulting
crisis

This increasingly risky environment, in which a debacle can have major and
far-reaching consequences, requires that senior management adopt a new
perspective on risk management. The new perspective should be one that not only
prevents debacles but also enhances shareholder value. Indeed, the New Economy
calls for a new risk management paradigm.